Authentication trials tipped

There could be some cash for the IT industry out of the Budget’s $14.8 million funding for electronic authentication development.

The early part of the 18-24-month development that this funding supports will be concerned with evolving policy, but some practical trials of technology infrastructure could well be required later in the period, says e-government unit head Laurence Millar.

As e-government authentication develops, government expects a greater load will be put on the work of the Privacy Commissioner, Millar says. Alongside the funds voted for the all-of-government authentication standards effort in the Budget, the Budget directed some cash to strengthening the resources of the Privacy Commissioner’s office.

The e-government unit and the Privacy Commissioner’s office will be developing a memorandum of understanding on how complaints and issues of concern will be handled.

There are several major strands of work to be progressed, Millar says. Perhaps the most significant is to develop authentication standards, “lining up the level of authentication required with the risk of the transaction”.

These standards will be supported by a “formal accreditation network” which will extend across all government agencies and be linked to existing standards on interoperability (eGIF) and metadata.

Similar work has already been done by other governments on this match-up of their similar suites of transactions, “so we won’t be starting with a clean sheet of paper”, says Millar. But neither is there a complete suite of practices which can be adopted wholesale from overseas

A number of ancillary issues have been flagged by work already done and these will be tackled in the next phase. For example, the question of identifying a user’s status as a “minor” will have to be covered, where services to young people differ from those provided to adults. There are different age borderlines in different agencies, “and we’ll have to work out ways of handling these, or perhaps there will be some harmonisation”.

There is currently no requirement for biometric data as part of the authentication mechanism, Millar says, despite suggestions in the Privacy Impact Assessment that biometrics may have to be used to resolve confusion when two people have the same name, address and date and place of birth. No collaborative work is envisaged with Customs’ biometrically-based border identification scheme.

Despite the government ICT strategy document’s emphasis on inspiring confidence among users across the whole spectrum of ICT use, there is no plan to push government authentication credentials for use in private industry, Millar says.

Private companies, however, often take it on themselves to accept government credentials, he notes. “When you open a bank account, for example, the bank accepts your passport as a means of identification; but passports were not specifically planned as a private identifier.” In the same way, e-government identifiers may gain respect and use in the private sector.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.